Hiding Your Personal Files From Pros More serious approach to privacy

[xerxes1405241546 0]

Inspired by this thread, I decided to launch this one to see how you folks approach the issue of securing your private files at work or at places where computer-professionals can access the machine you use. Following is my response to ethergeek's post in the aforementioned topic:

The best way to hide your private files is to not keep them on machines that aren't yours.

I agree with that completely. Such machine could always be taken away from you without prior notice, with the files you care about in it. Besides, if the machine isn't yours you can't really control and evaluate the security mechanisms employed in such system.

install TrueCrypt or FreeOTFE

The problem with such kind of mechanism is that if you will loose control over the operating system, you can't gain access to your encrypted files anymore. Besides anybody who gains access to your account, can access the encrypted files as well. Moreover, there are already known viruses that can access OS's kernel to stop A-V and firewall software. I don't think we have to wait long till such malicious programs take over kernel drivers to read your encrypted files, which are important by definition. ethergeek - could you tell us a bit more about you installation of TrueCrypt? Do you need a password, or a certificate to initiate the process? What happens if you need to reinstall the system (without any break-downs)?

keep your private files on a USB key in your pocket.

That seems to work well (especially that there are Linux distributions designed to fit on such keys, and with such you can encrypt the contents of the key as well), unless you are in an environment, where security is a concern and USB ports are disabled.

[ethergeek 0]

If you were gonna quote my post and then comment on it in a new thread, ya should have sent me a PM; I'd have responded sooner

ethergeek - could you tell us a bit more about you installation of TrueCrypt? Do you need a password, or a certificate to initiate the process? What happens if you need to reinstall the system (without any break-downs)?

TrueCrypt and FreeOTFE can use passwords, keyfiles, and any combination thereof. There is nothing that links it to your windows account (if there is I sure as hell don't use it). Both applications are compatible in some way with Linux also; the FreeOTFE can create and work with linux dmcypt and cryptoloop volumes, and TrueCrypt has a linux version that will mount volumes directly. FreeOTFE also has a version for PocketPC.

I secure mine with a hard passphrase for the most part, though one of them additionally requires a keyfile on a USB key I keep in my safe at home.

[Alegis 0]

The problem with such kind of mechanism is that if you will loose control over the operating system, you can't gain access to your encrypted files anymore.

That's the whole point of security. Someone who can't get in your OS can't access them - otherwise someone would be able to leech the files off your HD by using something like EnCase. It's only evident that if you invest in security you lose some ease of use.
You guys are paranoid!

[wutske 0]

I have the data on my laptop encrypted using TrueCrypt and a few keys on a USB stick. It's not realy 100% secure because the 'drives' are only unmounted when I reboot and if you have the USB stick and you know you need it you can easily access the my data. Still, it's better than nothing

[Grafitti 0]

I like PGP's Full Disk Encryption. That's about as safe as civilian encryption gets, as far as I know.

[xerxes1405241546 0]

That's the whole point of security. Someone who can't get in your OS can't access them - otherwise someone would be able to leech the files off your HD by using something like EnCase.

I disagree. I don't understand why encryption software cannot be efficient and user-friendly at the same time. I would choose a software which:a) enables you to access the files transparently (of course after providing ID of some sort, whether it's a password or a digital certificate)
does not have to be installed with admin privileges
c) grants you the possibility of moving the encrypted files to a different computer and decrypting them over there

You guys are paranoid!

That's not paranoia. I'm sure most of us keep private stuff at our work, even though we are not suppose to. IT guys usually have full access to our computers, with root accounts obviously, so that's nothing strange that we want to cover our tracks.

I like PGP's Full Disk Encryption. That's about as safe as civilian encryption gets, as far as I know.

Could you tell us a bit more about it? Why do you think Full Disk Encryption is better than other available solutions (as in better than creating a password-protected archive)? Remember we're talking about non-private computers so you can't really install software on your own, at least not that which hooks into the OS.

[FirefoxRocks 0]

Of course it doesn't matter if you use a USB drive, a password-protected mountable drive or anything really if the IT department can view your computer screen remotely. My school for instance has NetSupport or something like that and they can view your screen with a program that they use downstairs. I think a bar pops up when they are looking at your screen, it enables you to chat with and get help, but if you do open your personal files there, they can still see it.

[wutske 0]

Of course it doesn't matter if you use a USB drive, a password-protected mountable drive or anything really if the IT department can view your computer screen remotely. My school for instance has NetSupport or something like that and they can view your screen with a program that they use downstairs. I think a bar pops up when they are looking at your screen, it enables you to chat with and get help, but if you do open your personal files there, they can still see it.

If you start to think like that then I guess you're a bit paranoia. People walkin around in the classroom can watch your computer screen too. If you don't want people too see some personal files/data, then don't open them in public environments.
Do note that password protected mountable drive aren't safe at all, the data can be read as raw data, and thus skipping the password protection. Some fingerprint protected usb drives implement this way of protection, it can be skipped easily (sometime you can even access the data if you modify the usb drive a bit (setting a logical one on a certain input).
The only way to protect you agains all this is encryption with a descent key (not to easy to guess and long enough). Keyfiles in combination with a password is probably the best method.

[veerumits 0]

The information here i post is just for my personal experience.To break the security is very easy task if people know your personal information from any source like accessing your personal system, give to use your personal system due to happening circumstances this is your majboori to give the system to use. or applying for any kind of subscription is also need your personal information and that information is sold.this is also a one kind of leakage your information with out any prior notice to you that i am going to sell your information to fulfill our requirement, any way i want to say that your information will change from personal to global so user are suffered so many kind of lack of security issue. if you are using passworded pen drive with a secure software that information can also be fetch by the security breaker with the help of automated software system. any kind of virus program can also destroy your files generate new unwanted files. even you are using security software this is happen because your personal information from any kind of source is leakage.

[toby 0]

Multi-platform, passworded, wired, locally-networked, hidden computer. That won't connect to Windows I may end up having something similar to this, not out of paranoia, but it is the best solution for local backup/downloader.